Court says police can’t force suspects to turn over passwords:
The highest court in Pennsylvania has ruled that the state’s law enforcement cannot force suspects to turn over their passwords that would unlock their devices.
The state’s Supreme Court said compelling a password from a suspect is a violation of the Fifth Amendment, a constitutional protection that protects suspects from self-incrimination.
It’s not an surprising ruling, given other state and federal courts have almost always come to the same conclusion. The Fifth Amendment grants anyone in the U.S. the right to remain silent, which includes the right to not turn over information that could incriminate them in a crime. These days, those protections extend to the passcodes that only a device owner knows.
But the ruling is not expected to affect the ability by police to force suspects to use their biometrics — like their face or fingerprints — to unlock their phone or computer.
Because your passcode is stored in your head and your biometrics are not, prosecutors have long argued that police can compel a suspect into unlocking a device with their biometrics, which they say are not constitutionally protected. The court also did not address biometrics. In a footnote of the ruling, the court said it “need not address” the issue, blaming the U.S. Supreme Court for creating “the dichotomy between physical and mental communication.”
Peter Goldberger, president of the ACLU of Pennsylvania, who presented the arguments before the court, said it was “fundamental” that suspects have the right to “to avoid self-incrimination.”
(Score: 2) by deimios on Friday November 22 2019, @06:09AM (4 children)
So 1 of the 3 factors of authentication is protected: "what you know"
Nr. 2 "what you have" is not protected, so if they take your keys they can use them.
Nr. 3 "what you are" is a bit nebulous, but since that would fall under impersonation it might be a bit troublesome. On the other hand if you use a photocopy of their fingerprints to unlock the phone, is that impersonation or just taking away his "keys"?
(Score: 4, Insightful) by hemocyanin on Friday November 22 2019, @07:32AM (2 children)
Things you have and things you are, are protected by the 4th Amendment. The issue is that the 4A allows authorities to get a warrant for your stuff and for you, and courts give out warrants like a pedophile giving out candy.
I just put tape over the fingerprint sensor because A) the security it provides is legally meaningless and B) google doesn't need it.
(Score: 4, Touché) by c0lo on Friday November 22 2019, @12:32PM
If pedos give out that much candy, no wonder the American society is fucked-up since early childhood, obese and diabetic. (grin)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by NotSanguine on Saturday November 23 2019, @02:32AM
That's not quite true. The courts have long held that police may search your person and immediate surroundings without a warrant for "safety" reasons when you are detained/arrested.
That they are allowed to search your car, for example to search for weapons ("safety") after you've been cuffed and shoved into the back of a patrol car is just one of the many privacy intrusions enabled by this fiction.
That the courts continue to allow this is wrong in the extreme. I could understand (although I probably wouldn't agree with it) an argument patting you down or checking your pockets (only if you're being arrested) to ensure you don't have any weapons to attack them, but there's nothing in someone's phone that could be used as a weapon.
Warrants *should* be required for any sort of search, but they're not. More's the pity.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Informative) by dwilson on Friday November 22 2019, @08:06PM
It's not nebulous at all, if you read 'what you are' as the more accurate 'who you are'. That's really all biometrics was supposed to be, an alternate way to supply your username. Phone manufacturers have been doing it wrong from day one.
Look at it this way: Hard-coding your username in to your device and then requiring your username in another format to unlock it, is dumb. There are few cases where dumb ought to be protected by law, and this isn't one of them. Use a passcode!
- D